diff options
| author | Jerry Jelinek <jerry.jelinek@joyent.com> | 2015-05-18 20:24:06 +0000 |
|---|---|---|
| committer | Jerry Jelinek <jerry.jelinek@joyent.com> | 2015-05-18 20:24:06 +0000 |
| commit | a0bf79e3491312031d4ee3ae93520518d3c1372b (patch) | |
| tree | 49b4cfbb952ae591da78f2c5d1f7d171af90dbbb | |
| parent | aa1f3523d09621381a6e5664e41c9b8fc4ef1650 (diff) | |
| download | illumos-joyent-a0bf79e3491312031d4ee3ae93520518d3c1372b.tar.gz | |
OS-4281 SegFault upon invoking io_submit by trinity
| -rw-r--r-- | usr/src/lib/brand/lx/lx_brand/common/aio.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/usr/src/lib/brand/lx/lx_brand/common/aio.c b/usr/src/lib/brand/lx/lx_brand/common/aio.c index 36c7cf3afb..604ba76796 100644 --- a/usr/src/lib/brand/lx/lx_brand/common/aio.c +++ b/usr/src/lib/brand/lx/lx_brand/common/aio.c @@ -25,6 +25,7 @@ #include <errno.h> #include <limits.h> #include <strings.h> +#include <stdlib.h> #include <sys/lx_types.h> #include <sys/lx_debug.h> #include <sys/lx_stat.h> @@ -132,12 +133,13 @@ lx_io_submit(lx_aio_context_t *ctx, long nr, uintptr_t **bpp) if (nr <= 0 || ctx == NULL) return (-EINVAL); - if ((iocbpp = - (lx_iocb_t **)SAFE_ALLOCA(nr * sizeof (uintptr_t))) == NULL) + if ((iocbpp = (lx_iocb_t **)malloc(nr * sizeof (uintptr_t))) == NULL) return (-EAGAIN); - if (uucopy(bpp, iocbpp, nr * sizeof (uintptr_t)) != 0) + if (uucopy(bpp, iocbpp, nr * sizeof (uintptr_t)) != 0) { + free(iocbpp); return (-EFAULT); + } mutex_lock(&ctx->lxaio_lock); @@ -255,6 +257,7 @@ lx_io_submit(lx_aio_context_t *ctx, long nr, uintptr_t **bpp) mutex_unlock(&ctx->lxaio_lock); + free(iocbpp); if (processed == 0) return (-err); |